levonk Posted November 7, 2008 Posted November 7, 2008 Hi, I am trying to create an account for users that have the privilege to add/delete accounts but not edit privileges. If I give the user access to manage the accounts & privileges provided in FMP 9 Advanced, the user will also be able to edit privileges. If I create a layout/script to add/delete accounts without giving them access to the Accounts&Privileges, I am not able to list the users and privileges to add or delete. Is there a way to get a list of all users and all privileges into a value list?
Colin Keefe Posted November 7, 2008 Posted November 7, 2008 Short answer, no. There's no Get() function that would supply those lists, for security reasons. You could, as you say, set up a user table and attach scripts to it. You could get around the inability to retrieve account names by creating account names from this table, so every account has a corresponding record in the table. The privilege set value list would still have to be hard coded. But I'd suggest for what you're doing you might be better off with External Authentication. Whoever needs to add/delete accounts could then do so via AD without needing to know anything about the FileMaker database.
Steven H. Blackwell Posted November 8, 2008 Posted November 8, 2008 I am trying to create an account for users that have the privilege to add/delete accounts but not edit privileges. You're going about this wrong. You need to create a Privilege Set, not an Account. After the privilege Set is created, then you can assign as many accounts as need be to it. In this Privilege Set allow users to read only. Then script the creation and deletion of Accounts to run script with full access privileges. There must be a separate script for each different Privilege Set in the file to which you want to allow new Accounts to be attached. HTH Steven
levonk Posted November 8, 2008 Author Posted November 8, 2008 You're going about this wrong. You need to create a Privilege Set, not an Account. After the privilege Set is created, then you can assign as many accounts as need be to it. In this Privilege Set allow users to read only. Then script the creation and deletion of Accounts to run script with full access privileges. There must be a separate script for each different Privilege Set in the file to which you want to allow new Accounts to be attached. This is how it is going to be scripted at the end. But I will need to use a layout to create accounts, where you can enter the username, password, and privileges. If a duplicate username is entered, I will need to tell the user that a user with that name exists. This is not very easy but is not impossible. I will also need to provide the user with a list of the privileges available, preferably in a pull down menu, or radio buttons. How will I get FMP to display the privileges without allowing access to the Accounts & Privileges window. Next, I want to change the password or delete a user, and I want usernames to appear in a drop down menu to select from. How do I get those? I thought of creating a table with username, password, and privileges, and then each time the program is ran I would re-create the accounts. But there is no way to delete all accounts, and the startup script is not run until you login. I could login as admin, do what I need and then re-login, but that is very easy to crack.
Vaughan Posted November 9, 2008 Posted November 9, 2008 A couple of things to understand about FMP's accounts: Only users with [Full Access] can change user accounts. The sneaky way around this is to create scripts that run with full access privileges that perform the account management tasks. That way theoretically any use can perform the account management by running the scripts. The running of the account scripts can be limited to specific privilege sets if desired. Passwords are not stored in FileMaker Pro files, so there is no way to tell users what their passwords are. The only option is to change the user's password to something else. There is no way to get a list of user accounts. When creating new accounts, trap for errors to determine whether the account already exists. Otherwise create an Accounts table to store the usernames. Don's store passwords in the accounts table, tempting though the idea is. To create a value list with usernames, create an accounts table. To create a value list of privilege set names, create a custom value list and type the names by hand. Privilege sets rarely change, and if they do it's easy enough to edit the value list.
levonk Posted November 9, 2008 Author Posted November 9, 2008 To create a value list with usernames, create an accounts table. I think this is the best solution till now. I will go with this until I find a better solution, if there is any. Thanks.
Recommended Posts
This topic is 5857 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now